As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019....more
1/4/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
Cybersecurity ,
Data Breach ,
Data Security ,
Internet of Things ,
Marriott ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
Verizon ,
Yahoo!
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
The U.S. Securities and Exchange Commission (SEC) has joined the government chorus in sounding the alarm about the rapid rise in "business email compromises" that are victimizing organizations across industry sectors....more
10/23/2018
/ Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Electronic Communications ,
Email ,
Fraud ,
Internal Controls ,
Popular ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Vulnerability Assessments
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance...more
6/6/2018
/ Beneficial Owner ,
BSA/AML ,
Customer Due Diligence (CDD) ,
Cyber Threats ,
Cybersecurity ,
Financial Fraud ,
Fraud Prevention ,
Money Laundering ,
OCC ,
Popular ,
Risk Management ,
Third-Party Risk
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more
5/21/2018
/ Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Incident Response Plans ,
Information Technology ,
Insurance Industry ,
NAIC ,
Popular ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
Third-Party Service Provider
The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. ...more
5/14/2018
/ Class Action ,
Criminal Conspiracy ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Failure To Disclose ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Publicly-Traded Companies ,
Russia ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Yahoo!
The U.S. Court of Appeals for the Seventh Circuit has reinstated a data breach class action filed against Barnes & Noble (B&N). The litigation, styled as Dieffenbach v. Barnes & Noble, Inc., now heads back to the U.S....more
4/16/2018
/ Article III ,
Barnes and Noble ,
Corporate Counsel ,
Data Breach ,
Debit and Credit Card Transactions ,
Economic Injuries ,
Federal Rule 12(b)(1) ,
Federal Rule 12(b)(6) ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Putative Class Actions ,
Reinstatement ,
Standing ,
State Data Breach Notification Statutes ,
UDAAP
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more
3/23/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
The beleaguered law firm at the center of the international Panama Papers scandal – Mossack Fonseca – has announced that it is closing its doors. It offered no apologies....more
3/16/2018
/ Banking Sector ,
Beneficial Owner ,
Corruption ,
Criminal Investigations ,
Data Breach ,
Money Laundering ,
Mossack Fonseca ,
Offshore Funds ,
Panama Papers ,
Popular ,
Shell Corporations ,
Tax Haven ,
White Collar Crimes
On February 21, 2018, the U.S. Securities and Exchange Commission approved the release of Interpretive Guidance relating to public company disclosures of cybersecurity risks and incidents. ...more
2/23/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit's most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify...more
1/25/2018
/ Article III ,
Background Checks ,
CareFirst ,
Class Action ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
Petition for Writ of Certiorari ,
Popular ,
SCOTUS ,
Spokeo v Robins ,
Standing
The State of Washington's Attorney General filed a complaint against Uber Technologies, Inc., (Uber) this week related to the 2016 hack that exposed the personal data of 57 million riders and drivers. The suit is the first...more
In the span of just nine days, the U.S. Court of Appeals for the Eighth Circuit issued two rulings in class actions involving data breaches—one breach in 2013 at brokerage firm Scottrade and another in 2014 at grocery stores...more
9/5/2017
/ Article III ,
Breach of Contract ,
Brokerage Accounts ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Federal Rule 12(b)(6) ,
Grocery Stores ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Scottrade ,
Standing
The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
7/27/2017
/ Banking Sector ,
Choice-of-Law ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Economic Loss Doctrine ,
Financial Institutions ,
PCI-DSS Standard ,
Personally Identifiable Information ,
Popular ,
Restaurant Industry
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...more
5/18/2017
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Executive Orders ,
Hackers ,
Popular ,
Risk Management ,
Trump Administration
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
The Colorado Division of Securities recently issued proposed rules directed at establishing cybersecurity requirements for broker-dealers and investment advisers. The proposed rules were issued only a month after New York...more
The Federal Trade Commission (FTC) has entered into a proposed consent order requiring digital advertising company Turn Inc. to include a clear and conspicuous notice detailing how it collects, uses, or shares information...more
12/27/2016
/ Advertising ,
Cookies ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Mobile Apps ,
Online Platforms ,
Opt-Outs ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices ,
Web Tracking ,
Websites